commit db9a38c6721435d73196a69541bc67e9ccf61744
author gabor-mezei-arm <gabor.mezei@arm.com> Mon Sep 27 11:28:54 2021 +0200
committer gabor-mezei-arm <gabor.mezei@arm.com> Tue Sep 28 16:16:14 2021 +0200
tree 152aae5afd4a9da776b1932d768d723515b2ad4b
parent 9fa43ce2380f81537dc28adf35cba4edc5d388bf

Move contatnt-time memcmp functions to the contant-time module

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>

library/constant_time.c

diff --git a/library/constant_time.c b/library/constant_time.c
index 9f0229b..cb156bc 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -18,3 +18,77 @@
  */
 
 #include "common.h"
+#include "constant_time.h"
+
+/* constant-time buffer comparison */
+int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    volatile const unsigned char *A = (volatile const unsigned char *) a;
+    volatile const unsigned char *B = (volatile const unsigned char *) b;
+    volatile unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+    {
+        /* Read volatile data in order before computing diff.
+         * This avoids IAR compiler warning:
+         * 'the order of volatile accesses is undefined ..' */
+        unsigned char x = A[i], y = B[i];
+        diff |= x ^ y;
+    }
+
+    return( diff );
+}
+
+/* Compare the contents of two buffers in constant time.
+ * Returns 0 if the contents are bitwise identical, otherwise returns
+ * a non-zero value.
+ * This is currently only used by GCM and ChaCha20+Poly1305.
+ */
+int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
+                                  size_t len )
+{
+    const unsigned char *p1 = (const unsigned char*) v1;
+    const unsigned char *p2 = (const unsigned char*) v2;
+    size_t i;
+    unsigned char diff;
+
+    for( diff = 0, i = 0; i < len; i++ )
+        diff |= p1[i] ^ p2[i];
+
+    return( (int)diff );
+}
+
+/* constant-time buffer comparison */
+unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    volatile const unsigned char *A = (volatile const unsigned char *) a;
+    volatile const unsigned char *B = (volatile const unsigned char *) b;
+    volatile unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+    {
+        /* Read volatile data in order before computing diff.
+         * This avoids IAR compiler warning:
+         * 'the order of volatile accesses is undefined ..' */
+        unsigned char x = A[i], y = B[i];
+        diff |= x ^ y;
+    }
+
+    return( diff );
+}
+
+/* constant-time buffer comparison */
+int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    const unsigned char *A = (const unsigned char *) a;
+    const unsigned char *B = (const unsigned char *) b;
+    unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+        diff |= A[i] ^ B[i];
+
+    return( diff );
+}